[Ethereum][Base] Bridge Helper Module with CCIP support

contracts/contracts/automation/AbstractCCIPBridgeHelperModule.sol

@@ -0,0 +1,72 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity ^0.8.0;
+
+import { AbstractSafeModule } from "./AbstractSafeModule.sol";
+import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+
+import { IRouterClient } from "@chainlink/contracts-ccip/src/v0.8/ccip/interfaces/IRouterClient.sol";
+import { Client } from "@chainlink/contracts-ccip/src/v0.8/ccip/libraries/Client.sol";
+
+abstract contract AbstractCCIPBridgeHelperModule is AbstractSafeModule {
+    /**
+     * @notice Bridges a token from the source chain to the destination chain using CCIP
+     * @param ccipRouter The CCIP router contract
+     * @param destinationChainSelector The selector for the destination chain
+     * @param token The token to bridge
+     * @param amount The amount of token to bridge
+     */
+    function _bridgeTokenWithCCIP(
+        IRouterClient ccipRouter,
+        uint64 destinationChainSelector,
+        IERC20 token,
+        uint256 amount
+    ) internal {
+        bool success;
+
+        // Approve CCIP Router to move the token
+        success = safeContract.execTransactionFromModule(
+            address(token),
+            0, // Value
+            abi.encodeWithSelector(token.approve.selector, ccipRouter, amount),
+            0 // Call
+        );
+        require(success, "Failed to approve token");
+
+        Client.EVMTokenAmount[]
+            memory tokenAmounts = new Client.EVMTokenAmount[](1);
+        Client.EVMTokenAmount memory tokenAmount = Client.EVMTokenAmount({
+            token: address(token),
+            amount: amount
+        });
+        tokenAmounts[0] = tokenAmount;
+
+        Client.EVM2AnyMessage memory ccipMessage = Client.EVM2AnyMessage({
+            receiver: abi.encode(address(safeContract)), // ABI-encoded receiver address
+            data: abi.encode(""),
+            tokenAmounts: tokenAmounts,
+            extraArgs: Client._argsToBytes(
+                Client.EVMExtraArgsV1({ gasLimit: 0 })
+            ),
+            feeToken: address(0)
+        });
+
+        // Get CCIP fee
+        uint256 ccipFee = ccipRouter.getFee(
+            destinationChainSelector,
+            ccipMessage
+        );
+
+        // Send CCIP message
+        success = safeContract.execTransactionFromModule(
+            address(ccipRouter),
+            ccipFee, // Value
+            abi.encodeWithSelector(
+                ccipRouter.ccipSend.selector,
+                destinationChainSelector,
+                ccipMessage
+            ),
+            0 // Call
+        );
+        require(success, "Failed to send CCIP message");
+    }
+}

contracts/contracts/automation/AbstractLZBridgeHelperModule.sol

@@ -1,36 +1,17 @@
 // SPDX-License-Identifier: BUSL-1.1
 pragma solidity ^0.8.0;
 
-import { AccessControlEnumerable } from "@openzeppelin/contracts/access/AccessControlEnumerable.sol";
-import { ISafe } from "../interfaces/ISafe.sol";
+import { AbstractSafeModule } from "./AbstractSafeModule.sol";
 
 import { IOFT, SendParam } from "@layerzerolabs/oft-evm/contracts/interfaces/IOFT.sol";
 import { MessagingFee } from "@layerzerolabs/oapp-evm/contracts/oapp/OAppSender.sol";
 import { OptionsBuilder } from "@layerzerolabs/oapp-evm/contracts/oapp/libs/OptionsBuilder.sol";
 
 import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
 
-abstract contract AbstractLZBridgeHelperModule is AccessControlEnumerable {
+abstract contract AbstractLZBridgeHelperModule is AbstractSafeModule {
     using OptionsBuilder for bytes;
 
-    ISafe public immutable safeContract;
-
-    bytes32 public constant OPERATOR_ROLE = keccak256("OPERATOR_ROLE");
-
-    modifier onlyOperator() {
-        require(
-            hasRole(OPERATOR_ROLE, msg.sender),
-            "Caller is not an operator"
-        );
-        _;
-    }
-
-    constructor(address _safeContract) {
-        safeContract = ISafe(_safeContract);
-        _grantRole(DEFAULT_ADMIN_ROLE, address(safeContract));
-        _grantRole(OPERATOR_ROLE, address(safeContract));
-    }
-
     /**
      * @dev Bridges token using LayerZero.
      * @param lzEndpointId LayerZero endpoint id.
@@ -105,32 +86,4 @@ abstract contract AbstractLZBridgeHelperModule is AccessControlEnumerable {
         );
         require(success, "Failed to bridge token");
     }
-
-    /**
-     * @dev Helps recovering any tokens accidentally sent to this module.
-     * @param token Token to transfer. 0x0 to transfer Native token.
-     * @param amount Amount to transfer. 0 to transfer all balance.
-     */
-    function transferTokens(address token, uint256 amount)
-        external
-        onlyOperator
-    {
-        if (address(token) == address(0)) {
-            // Move ETH
-            amount = amount > 0 ? amount : address(this).balance;
-            payable(address(safeContract)).transfer(amount);
-            return;
-        }
-
-        // Move all balance if amount set to 0
-        amount = amount > 0 ? amount : IERC20(token).balanceOf(address(this));
-
-        // Transfer to Safe contract
-        // slither-disable-next-line unchecked-transfer unused-return
-        IERC20(token).transfer(address(safeContract), amount);
-    }
-
-    receive() external payable {
-        // Accept ETH to pay for bridge fees
-    }
 }

contracts/contracts/automation/AbstractSafeModule.sol

@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity ^0.8.0;
+
+import { AccessControlEnumerable } from "@openzeppelin/contracts/access/AccessControlEnumerable.sol";
+import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import { ISafe } from "../interfaces/ISafe.sol";
+
+abstract contract AbstractSafeModule is AccessControlEnumerable {
+    ISafe public immutable safeContract;
+
+    bytes32 public constant OPERATOR_ROLE = keccak256("OPERATOR_ROLE");
+
+    modifier onlySafe() {
+        require(
+            msg.sender == address(safeContract),
+            "Caller is not the safe contract"
+        );
+        _;
+    }
+
+    modifier onlyOperator() {
+        require(
+            hasRole(OPERATOR_ROLE, msg.sender),
+            "Caller is not an operator"
+        );
+        _;
+    }
+
+    constructor(address _safeContract) {
+        safeContract = ISafe(_safeContract);
+        _grantRole(DEFAULT_ADMIN_ROLE, address(safeContract));
+        _grantRole(OPERATOR_ROLE, address(safeContract));
+    }
+
+    /**
+     * @dev Helps recovering any tokens accidentally sent to this module.
+     * @param token Token to transfer. 0x0 to transfer Native token.
+     * @param amount Amount to transfer. 0 to transfer all balance.
+     */
+    function transferTokens(address token, uint256 amount) external onlySafe {
+        if (address(token) == address(0)) {
+            // Move ETH
+            amount = amount > 0 ? amount : address(this).balance;
+            payable(address(safeContract)).transfer(amount);
+            return;
+        }
+
+        // Move all balance if amount set to 0
+        amount = amount > 0 ? amount : IERC20(token).balanceOf(address(this));
+
+        // Transfer to Safe contract
+        // slither-disable-next-line unchecked-transfer unused-return
+        IERC20(token).transfer(address(safeContract), amount);
+    }
+
+    receive() external payable {
+        // Accept ETH to pay for bridge fees
+    }
+}